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About This Guide 


This guide describes how to install, configure, and manage the Apache Web Server on NetWare® 
using Apache Manager. 


HINT: If you are already familiar with the Apache Web server, you can manage it in the same way you do on 
other platforms: by manually modifying the HTTPD.CONF file. Refer to the official Apache documentation on 
the Apache Web site (http://www.apache.org). 


This guide is intended for Web or network administrators who will install, configure, and manage 
the Apache Web Server on NetWare. Developers might also find the information to be helpful. It 
is divided into the following sections: 


* Chapter 1, “Overview: Apache Web Server,” on page 11 

* Chapter 2, “Installation and Configuration,” on page 17 

* Chapter 3, “Managing Apache Web Server Preferences,” on page 21 
* Chapter 4, “Managing Server Content,” on page 35 

* Chapter 5, “Managing Apache Modules,” on page 47 


Additional Documentation 


Refer to the following online resources for official Apache documentation and related information: 
* Apache 2.0 Documentation (http://httpd.apache.org/docs-2.0) 
* Apache Quick Reference Card (http://www.refcards.com) 


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
within a cross-reference path. 


Also, a trademark symbol @, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third- 
party trademark. 
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Overview: Apache Web Server 


The Apache Web server is the Web server of choice for more than 67% of all Web servers being 
used on the World Wide Web today. Its popularity comes from the fact that it is the most reliable 
and secure Web server available. It is open-source software, created by the Apache Foundation, a 
conglomerate of technical professionals from all over the world. 


Apache runs on all major platforms and is capable of hosting even the most complex Web sites 
and can scale to handle thousands of simultaneous connections. 


This overview introduces you to the benefits and uses of Apache on NetWare. 


Benefits of Apache on NetWare 


Apache provides many business benefits to your existing network that together can increase 
productivity, improve communication between departments and employees and, when used in 
conjunction with the Novell® exteNd™ Application Server, turn your legacy applications and 
processes into integrated solutions that speed up your business. 


Here are some of the key uses and benefits of using Apache on NetWare: 


+ Provides a highly reliable and fast Web server for hosting simple or complex Web sites, which 
can be used as 


* A method for securely sharing department- or company-wide information for use by 
employees and business partners, regardless of where they are located. 


* A corporate Web server for hosting your company Web site on the World Wide Web. 
* A method for sharing project information and improving team collaboration. 
* Hosting company policies and procedures. 


+ Offers tight integration with eDirectory™ and Secure Sockets Layer (SSL) through the use of 
a customized NetWare specific Apache module, providing a highly secure method for sharing 
sensitive company information over the Internet. 


* Hasan easy-to-use graphical user interface that lets you 
* Manage the Apache Web server. 
* Manage all Apache Web servers in your network from one interface. 


* Execute common Apache directives without having to manually change the httpd.conf 
file, which can introduce errors. 


* Provides a Web container for the J2EE environment included with NetWare 6.5, letting you 
create and host money- and time-saving Web services, such as 


* Integration of existing incompatible legacy software applications 
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* Interaction of business systems between two or more companies to improve efficiencies 
of information exchange 


* Is pre configured to work with Jakarta-Tomcat, the servlet container created by the Apache 
Foundation, which can be used to host servlets for automating business processes. 


* Iscompatible with the new Novell exteNd Application Server for deploying Web applications 
and Web services. 


* Is ideal for Web application development and testing. 


How Apache Is Used on NetWare 


The Apache Web server is the only HTTP stack included with NetWare 6.5. It is used in two ways: 
as an administration server for Novell services and as a dedicated Web server, if you choose to 
install a Web server. 


To accomplish this, two instances of Apache are configured on your server. Of course, if during 
the NetWare 6.5 installation you didn’t choose to have a Web server, only the administration 
instance is installed. 


Using Apache as the NetWare Administration Server 


Apache is used as a NetWare 6.5 administration server for several Novell products such as 
iFolder™ and iManager. Some products, such as NetWare Remote Manager (NRM) don’t depend 
on Apache because they have their own HTTP stacks. 


So when you use iManager, accessible from any Web browser (including the new Web browser 
now available from the NetWare GUI), it is this instance ofthe Apache Web server that is serving 
up the data between the Web browser and NetWare 6.5. 


For this reason, Apache is installed by default, even if you do not choose it as your Web server. 
However, the administration instance of Apache is created in its own directory at the root of the 
sys volume, just above the directory created for the public instance of Apache. 


Figure 1 The Directory Where The Administration Instance Of The Apache Web Server Is Installed. 
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If you did not install Apache as your Web server, the Apache2 directory does not exist. 


Using Apache as a Dedicated Web Server 


When you choose Apache as your Web server, a second instance is installed in the operating 
system address space where you can utilize it as a dedicated Web server. 
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Whether you need it for hosting a simple department intranet site or for use in hosting more 
complex Web services or business-to-business solutions, Apache provides very fast and reliable 
HTTP services. 


The instance of Apache is installed in the Apache2 directory located at the root of your server’s 
sys volume. It contains several sub-directories described in the following figure.(add brief 
descriptions of the purpose of each directory? maybe too detailed for here?) 


Figure 2 File Structure Of The Public Apache Web Server. 
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Unbeatable Security with Apache, eDirectory, and Built-in SSL 


Running Apache on NetWare provides one of the industry’s most secure Web servers. This is 
because of NetWare’s tight integration with eDirectory and the built-in services of Secure Sockets 
Layer (SSL) that run at the core of the NetWare operating system. 


Together, eDirectory and SSL keep your business information safe from intruders yet accessible 
from anywhere by people who have the proper access rights. 


Managing Apache the Easy Way 


While other platforms require you to manually edit configuration files to configure Apache, 
NetWare 6.5 includes a simple, browser-based graphical user interface that updates the 
configuration files for you: Apache Manager. 


If you have multiple instances of Apache running on various platforms in your network, you can 
control them all from the Multiple Server Administration pages of Apache Manager, giving you 
single-point access to, and control over, all of your Web servers. 
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Figure 3 Apache Manager’s Single Server and Multiple Server Administration pages. 
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If you are already familiar with Apache and are comfortable configuring it manually, you can do 
so on NetWare as well. However, a single typographical error in the context of the configuration 
file can render content inaccessible or even shut down the Apache Web server. 


Using Apache Manager decreases the potential for human error, saving you and your customers 
time and unnecessary frustration. 


Also, the Administration Interface lets you control Apache from anywhere that you have Internet 
access, even from remote locations, provided you have access rights to connect through your 
company firewall. 


Hosting a Web Site 
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Web sites are not all created equal. Some are simple collections of HTML pages that contain static 
information, such as company background information. Even though some scripting, such as Java 
Script, might be used for creating navigation effects like rollover buttons, a simple Web site largely 
consists of static files. When the files are updated, it is usually by hand. Little or no processing of 
data is done at the server. 


Of course, the main purpose of having a Web server is to host a Web site, or to use Apache as the 
HTTP server in a partnership with an application server, such as the Novell exteNd Application 
Server. 


Conversely, a dynamic Web site is one in which information is created dynamically as it is 
requested either from a user or another computer. 


Building dynamic Web sites involves the use of servlets or Web applications, and might also 
involve databases (such as MySQL) and scripting languages (such as PHP or Perl). If you are 
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integrating legacy applications or creating business-to-business solutions, you might also need to 
use SOAP, UDDI, and WSDL. NetWare 6.5 includes all of these open-source solutions. 


Web sites where products or services are bought or sold, such as is done on Amazon.com, are 
examples of dynamic Web sites. Other dynamic Web sites are not seen by users, but are used 
instead as part of a supply chain process between businesses. 


Regardless of the complexity of your Web site, Apache is designed to be fast and reliable. 


Using Servlets with Apache on NetWare 


Servlets are like small Web applications and are often used to accomplish less robust processing. 
They can be used to save time and money by processing information very quickly, in ways that 
users cannot. 


For example, Novell’s Web Search Server is used to index file and Web content, allowing users 
to search for and find specific information from within large collections of information stored on 
one or more Web or file servers. 


NetWare Web Search Server utilizes five primary servlets. The Highlighter servlet marks up the 
content of search results, highlighting all instances of the keyword that a user is searching for. (For 
more information about NetWare Web Search Server, see the NetWare Web Search Server 
Administration Guide.) 


Other servlets might include such things as online calculators, shopping carts, or calendars. 


Because NetWare 6.5 is J2EE(link to glossary) -compliant, servlets created to run on other J2EE- 
compliant platforms will also run on NetWare 6.5 without having to customize or rewrite any code. 
Simply copy the servlets to NetWare 6.5 and they will run. 


To utilize servlets, you must use Jakarta-Tomcat, also included with NetWare 6.5, and a key 
component of J2EE. 


Also created by the Apache Foundation, Tomcat is a servlet container that processes servlet 
requests. Apache on NetWare is pre configured to run with Tomcat. 


Hosting Web Services and Applications 


NetWare 6.5 offers a reliable, high-performance J2EE environment for the development and 
deployment of Java-based Web applications and services. In addition to the open-source products 
included with NetWare 6.5 (Apache Web server, Tomcat, and MySQL), NetWare 6.5 also 
includes the new Novell exteNd Application Server. 


Using the exteNd Application Server, you can 


* Integrate legacy applications, breaking down information silos that bog down the exchange of 
information between the organizations within your company. 


* Interact with the business systems of other companies, such as partners and clients, by 
building in Web services functionality (SOAP, UDDI, and WSDL). 


For more information about the exteNd Application Server and building Web applications and 
services, visit www.silverstream.com (http://www.silverstream.com/Website/app/en_US/ 
AppServer). 


Overview: Apache Web Server 15 


What's Next 


* Ifyou have not yet installed Apache as your Web server, see Chapter 2, “Installation and 
Configuration,” on page 17. 


* Ifyou have already installed Apache and want to begin managing it, see Chapter 3, 
“Managing Apache Web Server Preferences,” on page 21. 


+ For an overview of J2EE and Web services, see Overview: Novell Web and Application 
Services. 
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Installation and Configuration 


Apache Web Server 2.0 is installed by default during the NetWare 6.5 installation process. This 
instance of Apache is used by NetWare 6.5 features and products, acting as an administration 
server. (For more information, see “How Apache Is Used on NetWare” on page 12.) 


The Apache Manager, which also runs on the Apache administration server, offers a graphical 
interface for making common configuration changes to Apache, including the ability to edit 
multiple instances of Apache wherever they are running in your network, regardless of the 
platform on which they are running. 


This chapter shows you how to install a second instance of Apache for hosting your own Web 
content or for creating a Java development environment that you can use to create, test, and run 
Web applications. 


Upgrading to Apache from the NetWare Enterprise Web Server 


If you are upgrading to NetWare 6.5 and your existing server utilizes the NetWare Enterprise Web 
Server, you must upgrade to Apache. A special migration tool has been created and will handle the 
upgrade for you. 


What the Migration Tool Does 


During the installation process, the migration tool leaves your Web content and related files intact, 
in the same directory structure that is already in place, which in most cases is novonyx/suitespot/ 
docs. This path could be different if you had configured an alternate root directory. Apache is then 
configured to recognize this path so that your content is still accessible. 


A copy of the previous Apache configuration is then saved to HTTPD.CONF.001. A new Apache 
configuration file is created called httpd.conf. It contains directives based on settings in your 
Enterprise configuration files. 


The migration tool does not automatically migrate all settings. Some final adjustments require 
manual configuration changes by editing the httpd.conf file or by using Apache Manager (See 
“About Configuring and Managing Apache” on page 18). 


Settings that are not migrated from Enterprise to Apache include the following: 
+ NSAPI plug-ins 
* Tomcat 
+ LCGIs 
+ MIME types 
+ Authentication settings 


+ Authorization settings 
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Installing Apache on NetWare 


Apache can be installed on NetWare in three ways: from the NetWare 6.5 installation process, 
from binary download files, or manually from your own build files. 


For information about installing Apache from binary files, or installing it manually from your own 
build files, see Installing Apache on NetWare (http://httpd.apache.org/docs-2.0/platform/ 
netware.html#inst) on the Apache Web site. 


Installing Apache from the NetWare 6.5 CD 


If you did not install Apache Web server during the NetWare 6.5 installation, you can install it at 
anytime from the NetWare 6.5 Products CD. 


1 Insert the NetWare 6.5 Products CD into the drive of the server where you want to install 
Apache. 


2 Start the NetWare GUI by typing startx at the system console. 
3 Click Novell > Install > Add. 


4 In the Source Path dialog box, enter the path to the CD, or click the Browse button and locate 
the CD. 


Select the POSTINST.NI response file and click OK. 

From the products list, select Apache2 Web Server. 

Click Next. 

When prompted, enter your administrator username and password, and your user context. 


Click OK. 


So YO di 


10 Follow the remaining screen prompts. 


For instructions about starting and stopping Apache, see “Managing Apache Server Status” on 
page 21. 


About Configuring and Managing Apache 
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There are two ways to configure and manage Apache on NetWare: by using the Web-based tool, 
Apache Manager, the same tool used in previous versions of NetWare to manage the Enterprise 
Web server, or by manually editing the httpd.conf configuration file. 


If you are new to the Apache Web server, the configuration and management of Apache Web 
Server on NetWare is easy using the Apache Manager, accessible from any Web browser in your 
network. 


The Apache Web server is configured primarily through the use of Apache directives, which are 
commands with values assigned to them and recorded in the Apache2/conf/httpd.conf file. Apache 
reads this file at startup (and periodically thereafter) and runs according to the specified values. 


The most commonly used directives can be modified through Apache Manager, an administration 
server interface for managing Apache. The Apache Manager updates the httpd.conf file for you. 
For example, when you enter a number in the Thread Stack Size field on the Performance Tuning 
page of Apache Manager, Apache Manager updates the ThreadStackSize directive in the 
httpd.conf file. 
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Using Apache Manager reduces the number of errors that can occur when you manually edit 
httpd.conf. Poor syntax or misused directives can, in a worst case scenario, bring down your Web 
server. 


Apache Manager also lets you manage all instances ofthe Apache Web server, wherever they exist 
in your network, even if they are running on other platforms. 


If you are already familiar with the Apache Web server running on other platforms, you will find 
almost no differences on the NetWare platform. All of the same modules available on other 
platforms are available on NetWare 6.5, with a few additional modules such as Mod_edir. 
Mod_edir enables Web pages to be served up from a user's home directory and provides remote 
file system access and authentication services. AUTH LDAP enables LDAP authentication to 
LDAP directories including Novell eDirectory™. 


The primary differences in manually editing relate to file paths and, in some cases, filenames. 


What’s Different with Apache on NetWare 


Apache functions in the same way on NetWare as it does on other platforms. However, there are 
a few key differences. 


Apache on NetWare is Multi-Threaded 


Because Apache on NetWare is multi-threaded, it does not use a separate process for each request, 
as Apache does in some UNIX implementations. Instead, multiple threads run simultaneously: a 
parent thread, and multiple worker threads which handle the requests. 


Because of this, the directives used for managing processes are utilized differently, as described 
in the following table. 


Directive Usage on NetWare 


MaxRequestsPerChild As on UNIX, this directive controls how many requests a worker thread will 
serve before exiting. The recommended default (0) causes the thread to 
continue servicing requests indefinitely. 


IMPORTANT: Unless there is a specific reason for setting this to something 
other than the default value, we recommend that it be kept at 0. 


MaxSpareThreads Instructs the server to begin terminating worker threads if the number of idle 
threads ever exceeds this value. We recommend that you use the default 
setting of 75. 


MaxThreads Limits the total number of worker threads to a maximum value. We 
recommend that you use the default setting of 250. 


MinSpareThreads Instructs the server to spawn additional worker threads if the number of idle 
threads ever falls below this value. We recommend that you use the default 
setting of 10. 


StartThreads Specifies how many threads the server should start with. We recommend that 
you use the default setting of 50. 


ThreadStackSize Specifies the stack size of each worker thread. We recommend that you use 
the default setting of 65536. 
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Syntax of Pathnames 


Directives that accept filenames as arguments must use fully qualified NetWare pathnames, 
including the volume name. For example, sys:/apache2/htdocs. If the volume name is not 
specified, Apache will default to the sys: volume. 


Also, because Apache uses UNIX-style pathname conventions internally, you must use forward 
slashes (/) in place of backslashes (\) in directive arguments. 


Loading Modules at Runtime 


What's Next 
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Apache on NetWare has the ability to load modules at runtime, without having to recompile the 
server. 


A number of external modules can be loaded from the \Apache2\modules directory. To activate 
these, or other modules, the LoadModule directive must be used. For example, to active the status 
module, use the following (in addition to the status-activating directives in access.conf): 


LoadModule status module modules/status.nlm 


See Apache Module mod_so (http://httpd.apache.org/docs-2.0/mod/mod_so.html#creating) for 
more information about creating loadable modules. 


When configuring Apache manually, refer to the Apache 2.0 documentation (http:// 
httpd.apache.org/docs-2.0). 


Once you have installed Apache, you might want to look at the following topics: 
* Chapter 3, “Managing Apache Web Server Preferences,” on page 21 
* Chapter 4, “Managing Server Content,” on page 35 
* Chapter 5, “Managing Apache Modules,” on page 47 
* Chapter 5, “Managing Apache Modules,” on page 47 
+ Performance Tuning Tips (http://httpd.apache.org/docs-2.0/misc/perf-tuning.html) 
* Developer Documentation for Apache 2.0 (http://httpd.apache.org/docs-2.0/developer) 
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Managing Apache Web Server Preferences 


This section shows you how you can use the Server Preferences and Server Logs pages of Apache 
Manager to 


+ Start, stop, and restart the Apache Web server 

+ View current server configurations, including eDirectory™ tree names and contexts 
* Tune Apache for improved performance based on how the server is being used 

* View, edit, and create MIME types 

* Edit, add, or deleted additional ports for Apache to listen on 

* Specify how and what should be recorded by the Apache access and error log files 


* Modify the way Apache responds to errors, such as the Not Found 404 error 


Accessing Apache Manager 


Apache Manager is accessed either through iManager or by entering your Web server’s URL, 
followed by the port number assigned to Novell Apache Manager.(When python is in place, 
document how to get to the apache admin interface from there.) 


Managing Apache Server Status 
Once installed, Apache runs constantly, listening for and accepting requests. You can start and 


stop Apache using Apache Manager, Novell iManager, or the NetWare® system console. 


When you stop the Apache server, all threads that are currently running are allowed to finish. The 
apache.nlm does not actually shut down, so restarting the server is much faster than in prior 
versions. 


After you shut down the server, it might take a few seconds for the server to complete its shutdown 
process and for the status to change to Down. 


You can use the Server Status page of Apache Manager to verify whether Apache is running. You 
can also start, stop, or restart Apache. 


Starting or Stopping Apache 
1 From the Apache Manager home page, click Apache Web Server servername. 
2 Click Start Server or Stop Server. 


If the Apache Web server is already running, the Start Server button reads Restart Server. 
Click Restart Server to have it shut down and then start up again. 
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IMPORTANT: If you run Apache Manager in Directory mode, you cannot verify whether the server is running. 
To verify whether an Apache server is running, you must do so from the system console or by pointing a Web 
browser at the server. If you are able to view your Web content, the server is running. 


Starting Apache From the System Console 


To start Apache, enter Ap2webup at the system console. This loads Apache into the operating 
system (OS) address space. If you want to load Apache into protected address space, you can do 
so at the console prompt using the LOAD command. For example: 


load address space = apache2 apache2 
Using this command loads Apache into an address space called apache2. 


After starting Apache, it listens on port 80 for requests from client Web browsers, unless you 
changed the Listen directive in the configuration files. 


Once Apache is started, open a Web browser either from the NetWare GUI or from a client 
computer in your network. Enter the URL to your Apache Web server, which can be either an IP 
address or aDNS name. For example: 


http: //myserver.mycompany.com 
or 


http://012.345.678.910 
HINT: If there is no response, look in the volume:/apache2/logs/error_log file for details. 
If the Apache server is running correctly, a default Web page appears (index.html./anguage code). 


The actual file is found in the volume:/apache2/htdocs directory, the directory defined by default 
as the root Web directory. Replace this file with your own home page. 


Once Apache is running correctly, you can make changes to its default configuration by editing 
the files in the conf directory. 


Stopping Apache from the System Console 


To unload Apache running in the OS address space, enter ap2webdn at the system console. 


If apache is running in a protected address space, specify the address space in the unload statement. 
For example, at the console prompt, enter 


unload address space = apache2 apache2 
OT, 


apache2 shutdown -p address space 


Running Additional Instances of Apache Simultaneously 
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You can run multiple instances of Apache concurrently on NetWare by loading each additional 
instance into its own protected address space. 


To do so, each additional instance must have its own address space name. For example: 


load address space = apache3 apache2 


load address space = apache4 apache2 


Apache Web Server Administration Guide 


Using the examples above would create two additional instances of Apache with the unique 


address space names of apache3 and apache4. 


In addition, each instance must be using its own httpd.conf file wherein unique ports, error and 
access log filenames can be specified. Attempting to use the same configuration file causes various 


errors, including port conflicts. 


Using An Alternate Configuration File 


If you want to run Apache using an alternate httpd.conf file, use the following command: 


load address space = Instancel apache2 -f path_to_httpd.conf 


This is an effective method for avoiding port conflicts because using alternate httpd.conf files 


allows you to specify alternate port numbers. 


Starting or Stopping the Apache Admin Server 


To start the Apache Admin server, enter admsrvup at the system console. To stop the Apache 


Admin server, enter admsrvdn. 


Verifying Server Status from the NetWare Console 


The following command line directives can be used at the system console to modify or display 


information about Apache. 


IMPORTANT: At the NetWare console prompt, each directive must be preceded by apache2, as in 
servername:apache2 directive. Also, Apache must be running. (See “Starting or Stopping Apache” on 


page 21.) 


Directive 
DIRECTIVES 


MODULES 


RESTART 


SETTINGS 


SHUTDOWN 


VERSION 


Effect 
Displays a list of all available directives. 


Displays a list of loaded modules, both 
built-in and external. 


Instructs Apache to terminate all 
running worker threads as they 
become idle, reread the configuration 
file, then restart each worker thread 
based on the new configuration. 


Enables or disables the thread status 
display on the console. When enabled, 
the number of threads currently 
running is displayed along with the 
status of each thread. 


Terminates the running instance of the 
Apache Web server. 


Displays version information about the 
currently running instance of Apache. 
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If you are already familiar with Apache on other platforms, see Using Apache with Novell 
NetWare (http://httpd.apache.org/docs-2.0/platform/netware.html) on the Apache.org Web site 
for information about what is different about Apache on NetWare. 


Viewing Configuration Settings 


The View Configuration page lists all Apache directives and lets you configure them by clicking 
on a directive. 


The settings are stored in the Apache2/conf/httpd.conf file. For more information about Apache 
configuration files, see Configuration Files (http://httpd.apache.org/docs-2.0/configuring.html) in 
the Apache documentation. 


The server’s content settings depend on its configuration. Common server content settings include 
the server’s document directory, its index filenames, name and location of its access log, and 
default MIME type. 


Performance Tuning 


Apache 2.0 includes performance enhancements that increase throughput and scalability. Most of 
these are enabled by default. In addition, you can change the configuration of Apache to best serve 
the needs for which you are using it. 


For example, you can increase the maximum number of threads allowed to run simultaneously if 
your Web server is getting a larger number of client visits. You can also disable the Keep Alive 
feature to restrict persistent connections, which some Web clients request when they connect to 
your server. 


Adjusting Thread Settings 


Because Apache is very self-regulating, most sites do not need to adjust the default values of any 
of the thread directives. However, if you need to make changes to any of the thread settings, 
continue reading. 


For more information about thread directives, see ThreadStackSize (http://httpd.apache.org/docs- 
2.0/mod/mpm_netware.html#threadstacksize) on the Apache Web site. 
NOTE: Because Apache for NetWare is multi-threaded, it does not use a separate process for each request, 


as Apache does in some Unix implementations. Apache for NetWare uses a parent thread and multiple child 
threads, which handle all requests. 


Modifying the Thread Stack Size 
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A thread stack is a piece of scratch memory that a thread uses to store information temporarily. If 
there is not enough stack space and the thread requires more in order to continue, the server will 
abend. Intensive applications usually require more stack space. Modules such as mod_perl or 
mod _php might require a thread to yield more stack space. However, 65,536 bytes is typically 
large enough. 


Keep in mind that increasing the stack size results in consuming more system resources because 
each thread requires a certain amount of space. Therefore, increasing the stack size should be done 
only after considering what is required based on the applications and modules that are being used. 
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The ThreadStackSize (http://httpd.apache.org/docs-2.0/mod/ 
mpm_netware.html#threadstacksize) directive tells the server what stack size to use for each 
running thread. If a stack overflow occurs, you need to increase this number. 


To modify the thread stack size: 
1 From the Performance Tuning page, enter a numerical value in the Thread Stack Size field. 
The default is 65536. 
2 Click Save. 


Modifying the Number of Start Threads 


The StartThreads (http://httpd.apache.org/docs-2.0/mod/mpm_common.html#startthreads) 
directive specifies the number of child server processes that are to be created when the Web server 
is started. Because the number of processes is dynamically controlled according to system load, 
there is usually little reason to adjust this parameter. (is one child server process a child thread? 
how many threads can be ) 


To modify the number of start threads: 
1 From the Performance Tuning page, enter a numerical value in the Start Threads field. 
The default is 50. 
2 Click Save. 


Modifying Minimum Spare Threads 


The MinSpareThreads (http://httpd.apache.org/docs-2.0/mod/ 
mpm_common.html#minsparethreads) directive defines the minimum number of idle threads set 
aside to process surges in client requests to the Web server. 


Different MPMs deal with this directive differently. On NetWare, the mpm_netware module is 
used to control all of the threading directives and functionality. 


To modify the number of start threads: 


1 From the Performance Tuning page, enter a numerical value in the Minimum Spare Threads 
field. 


The default is 10. 
2 Click Save. 


Modifying Maximum Spare Threads 


The MaxSpareThreads (http://httpd.apache.org/docs-2.0/mod/ 
mpm_common.html#maxsparethreads) directive lets you define the maximum number of idle 
threads allowed. Again, different MPMs deal with this directive differently. On NetWare, the 
mpm _netware module is used. Therefore, this directive tracks the minimum spare threads value 
on a server-wide basis. 


To modify the maximum number of spare threads: 


1 From the Performance Tuning page, enter a numerical value in the Maximum Spare Threads 
field. 


The default is 75. 
2 Click Save. 
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Modifying Maximum Total Threads 


The MaxThreads (http://httpd.apache.org/docs-2.0/mod/mpm_netware.html#maxthreads) 
directive specifies the maximum number of worker threads allowed. 


To modify the maximum total threads: 


1 From the Performance Tuning page, enter a numerical value in the Maximum Total Threads 
field. 


The default is 250. 
2 Click Save. 


Adjusting Keep Alive Settings 


Keep Alive provides live HTTP sessions that allow multiple requests to be sent over the same TCP 
connection. In some cases this has been shown to result in an almost 50% increase in latency times 
for HTML documents with many images. 


To modify keep alive settings: 
1 From the Performance Tuning page, click Yes or No to enable or disable Keep Alive. 


2 Make your changes and click Save. 


Limiting the Number of Keep Alive Requests 


When Keep Alive is enabled, it limits the number of requests allowed per connection. Entering 
zero (0) in the Maximum Keep Alive Requests field allows an unlimited amount of connections. 
(See MaxKeepAliveRequests (http://httpd.apache.org/docs-2.0/mod/ 
core.html#maxkeepaliverequests) on the Apache Web site. 


For maximum server performance, we recommend that this setting be kept to a higher value. The 
default setting is 100. 


Specifying a Time-out Limit for Keep Alive Requests 


Using DNS 


The KeepAliveTimeout (http://httpd.apache.org/docs-2.0/mod/core.html#keepalive) directive lets 
you specify (in seconds) how long Apache waits for a subsequent request before closing a TCP 
connection. Once a request has been received, the time-out value specified by this directive 
applies. 


Setting Keep Alive Timeout to a high value can cause performance problems for heavily loaded 
servers. The higher the timeout, the more server processes are kept busy waiting on connections 
with idle clients. 


When enabled, the HostnameLookups (http://httpd.apache.org/docs-2.0/mod/ 
core.html#hostnamelookups) directive records the names of clients or their IP addresses: 
www.apache.org (when on, or enabled) or 204.62.129.132 (when off, or disabled). 


The default is set to Off. This is because when enabled, every client request would result in at least 
one lookup request to the nameserver, causing unnecessary congestion on DNS servers and the 
Internet. 
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For additional information about DNS issues on Apache, see Issues Regarding DNS and Apache 
(http://httpd.apache.org/docs-2.0/dns-caveats.html) on the Apache Web site. 


Additional Performance Tuning Information 


You can also adjust the settings of the Mod Cache module. For more information about 
Mod Cache, see Chapter 5, “Managing Apache Modules,” on page 47. 


For additional information about performance tuning, see Apache Performance Notes (http:// 
httpd.apache.org/docs-2.0/misc/perf-tuning.html) on the Apache Web site. 


Managing MIME Types 


Multipurpose Internet Mail Extension (MIME) is a specification used to identify a file type by its 
extension so that when Apache receives a request for a file, it knows how to handle the file. A list 
of MIME types that Apache already knows about is included in the conf/mime.types file. 


The Global MIME Types page saves you the trouble of manually entering a new MIME type or 
modifying an existing one. MIME types created on the Global MIME Types page are not added to 
the conf/mime.types file, but rather are listed in the httpd.conf file under the AddType (http:// 
httpd.apache.org/docs-2.0/mod/mod_mime.html#addtype) directive. 


MIME types added to the httpd.conf file override MIME types ofthe same name that already exist 
in the mime. types file. 


Files can have more than one extension and their order does not typically matter. For example, if 
the extension .rus maps to Russian and HTML maps to HTML, then the files text.rus.html and 
text.html.rus are treated alike. 


However, unrecognized extensions, such as .xyz, wipes out all extensions to their left. Therefore, 
text.rus.xyz.html is treated as HTML but not as Russian. 


HINT: If you will be downloading NLMs (NetWare Loadable Modules) to your Web server, you might want to 
add NLM as a MIME type. If you do, use application/octet-stream as the content type and .nlm as the suffix. 


To create a new MIME type: 


1 From the MIME Types page, type a name in the Content Type field that describes the new 
MIME type. 


2 Type the character extension in the Suffix field. 
Enter a period, followed by letters or numbers. 
3 Click New Type. 
To edit an existing MIME type: 
1 From the MIME Types page, locate the MIME type to be edited or removed. 
2 Click Edit and make the required changes to the Content Type and Suffix fields. 
3 Click Edit Type. 


4 Click Save and Apply to save the changes to the httpd.conf file and restart Apache to apply 
the changes. 


Or, 


Click Save to save the changes to the httpd.conf file without applying the changes by 
restarting Apache. You will have to restart Apache eventually. 
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Or, 
Click Undo to cancel the changes. 


Default MIME Types 


When a document is sent to a client, the server includes a section that identifies the document ’s 
type, so the client can present the document in the correct way. However, sometimes the server 
can’t determine the proper type for the document because the document’s extension is not defined 
for the server. In those cases, a default value is sent. 


The default is usually Text/Plain, but you should set it to the type of file most commonly stored on 
your server. Some common MIME types include the following: 


text/plain text/html 

text/richtext image/tiff 

image/jpeg image/gif 
application/x-tar application/postscript 
application/x-gzip audio/basic 


Additional Information About MIME Types 


For more information about MIME types, see Content Negotiation (http://httpd.apache.org/docs/ 
content-negotiation.html) on the Apache Web site. 


Specifying an Administrator E-Mail Address for Inclusion in Error 


Messages 


If users receive an error message, such as a 404 Not Found error, you can include the e-mail 
address ofthe Apache administrator as a means of providing customers with a method of notifying 
you about problems on your Web site or with your Web applications. 


For example, if you specified john@digitalairlines.com as the value of the Server Admin directive 
and a user received a 404 Not Found error, a text message would include john@digitalairlines.com 
as the administrator to contact for further assistance. 


The ServerAdmin (http://httpd.apache.org/docs-2.0/mod/core.html#serveradmin) directive sets 
the e-mail address that the server includes in any error messages it returns to the client. 


To specify an administrator e-mail address: 


1 From the Network Settings page of Server Preferences, type a valid e-mail address users 
should contact about error messages. 


2 Click Save. 


For information about customizing the error messages themselves, see “Managing Error 
Responses” on page 30. 
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Setting Up Server-Side Includes 


Server-side includes (SSI) provide a means of adding dynamic content to existing HTML 
documents without the use of a CGI program or other dynamic technology. 


SSIs are directives placed in HTML pages and evaluated on the server while the pages are being 
served. Wherever you add SSI directives within an HTML page, that is where the results of the 
SSI code show up. For example, you could embed the current date or time into a Web page by 
adding the following code to an existing HTML file: 


<!--#echo var="DATE LOCAL" --> 


SSI code appears like an HTML comment. However, if SSI is configured properly, Apache 
processes it as SSI code and in this sample, the current date appears on your Web page. 


Enabling and Configuring SSI 


Before SSI codes are recognized by Apache, you must first enable it. You must also specify the 
file extension you will use for files containing SSI directives. This helps Apache identify which 
files contain SSI. 


To enable and configure SSI: 
1 From the Network Settings page of Server Preferences, click On next to Server-Side Includes. 
2 Specify the file extension to be used by files containing SSI directives. 


Typically, this is shtml, but you can specify any file extension you want, including simply 
html. 


3 Click Save and Save and Apply. 


For a more in depth discussion of SSI, see Introduction to Server-Side Includes (http:// 
httpd.apache.org/docs-2.0/howto/ssi.html) on the Apache Web site. 


Managing Listen Ports 


You can direct Apache to listen to only specific IP addresses or ports; by default it responds to 
requests on all IP addresses. This directive is required. If it is not in the httpd.conf file, the server 
will fail to start. This is a change from previous versions of Apache. 


You can specify multiple ports. If you do so, Apache responds to requests from any of the listed 
addresses and ports. 


To specify a new port number: 


1 From the Listen Ports page, type the IP address, followed by a colon (:), followed by a port 
number. 


For example, 


123.456.789.100:2003 


IMPORTANT: Be sure to verify that the port number you use is not already in use. (See...add link to 
new port info--use table from nw6? see http://www.novell.com/documentation/Ig/nw6p/ 
index.html?page=/documentation/Ig/nw6p/adminenu/data/hk4ovawv.html) . 


2 Under Encryption, click On if you want to use Secure Sockets Layer (SSL) with the newly 
specified port number. 
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3 Ifnecessary, select an alternate server certificate from the Server Certificates drop-down list. 


4 Click Save. 


To edit or remove a port: 


1 From the Listen Ports page, click Edit in the row of the Current Listen Ports table of the port 
you want to edit. 


2 Modify the port information above the table and click Save and Apply to save the changes to 
the httpd.conf file and restart the server. 


or 
Click Save to save the changes to httpd.conf without restarting the server. 
or 
Click Undo to cancel the changes. 

3 Click Remove to delete a port from the Current Listen Ports table. 

4 Click OK to delete the port, or click Cancel. 


For more information, see the Listen (http://httpd.apache.org/docs-2.0/mod/ 
mpm_common.html#listen) directive on the Apache Web site. 


Managing Error Responses 


In the event of a problem or error, Apache can be configured to do one of four things: 
1. Output a simple hard-coded error message. 
2. Output a customized message. 
3. Redirect to a local URL path to handle the error. 
4. Redirect to an external URL to handle the error. 


The first option is the default, while the remaining options are configured using the 
ErrorDocument (http://httpd.apache.org/docs-2.0/mod/core.html#errordocument) directive, 
which is followed by the HTTP response code and a URL or a message. Apache will sometimes 
offer additional information regarding the problem or error. 


Working with Server Logs 


To effectively manage a Web server, it is necessary to get feedback about the activity and 
performance of the server as well as any problems that might be occurring. Apache provides very 
comprehensive and flexible logging capabilities. 


For more information about access and error logging, see Log Files (http://httpd.apache.org/docs/ 
logs.html) on the Apache Web site. 


Viewing the Access Log 
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The access log records information about clients who access your Web server, such as their IP 
addresses and the date and time when they accessed the Web server. 


This information can be very useful. Here are a few examples: 
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* Tracking advertising success: Identifies the success of banner ads by viewing how often a 
banner ad has been clicked. 


* Tracking visibility to search engines: Identifies which search engines are indexing your site. 


* Tracking efficiency of a purchase system: Identifies how long customers are spending in your 
electronic purchasing process. 


The type of information displayed depends on the settings of the Log Preferences page. A typical 
log shows an IP address, date, time, and the requested URL. For example: 


137.65.67.133 - [27/0ct/2002:22:40:05 -0700] 200 - "GET HTTP/1.1" "http:// 
www.digitalairlines.com/" 


Viewing the Error Log 


The View Error Log page displays the contents of Apache’s error log, which is the most important 
of the log files. The error log file is where the Apache httpd sends diagnostic information and 
where any errors related to processing requests are recorded. 


Because the error log data can be viewed through the NetWare Apache Manager, you can view it 
from where ever you have Web access. 


The error log is the first place to look when a problem occurs with starting the server or with the 
operation of the server, because it often contains details of what went wrong and how to fix it. 


For more information about the error log, see Log Files (http://httpd.apache.org/docs/ 
logs.html#errorlog) on Apache.org. 


Filtering Access and Error Log Data 


You can filter log data displayed on the View Access Log page by specifying the maximum 
number of entries to be returned at one time. You can also filter the access log so that only entries 
containing specific information is returned, such as a specific IP address or date. 


To filter the number of access log entries displayed: 
1 Inthe Number of Entries field, enter the number of log entries you want displayed at one time. 
This can be any number between 1 and 500. 
2 Click OK. 
To filter log entries containing specific alphanumeric information: 
1 In the Only Show Entries With field, enter an alphanumeric string. 
For example, 22/Aug/2003. 
2 Click OK. 


Setting Log Preferences 
The Log Preferences page lets you enable or disable access logging, log rotations, the location of 
access log files, and the type of data to capture in the access log. 


HINT: On other software solutions such as NetWare Web Search Server, rotating logs is a method of using 
two log files to record activity on the server. By using two log files, you will have a limited history of server 
activity (depending on the maximum file size limits you set on each log file). When the first log file reaches 
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maximum capacity, the second log file is used. When the second file reaches maximum capacity, the first file 
is overwritten. 


However, on Apache, when a log file reaches maximum capacity, a new file is created. This can result in many 
log files and require a significant amount of storage space. If you disable log file rotation, a single file will be 
used, which can result in a very large log file. 


To enable (or disable) access logging: 
1 From the Log Preferences page under Server Logs, click Yes. 
2 In the Log File field, specify the path to the access log file. 
The default path is Apache2/logs/access log. 
3 Click Save. 


Enabling Log Rotation 


Even on a moderately busy server, the quantity of information stored in log files is very large. The 
access log file typically grows 1 MB or more per 10,000 requests. To manage growing log files, 
Apache can be directed to rotate the log files by moving or deleting the existing logs. This cannot 
be done while the server is running, because Apache will continue writing to the old log file as 
long as the file remains open. Instead, the server must be restarted after the log files are moved or 
deleted so that it will open new log files. 


By enabling log file rotation, Apache will automatically switch to new log files without any 
administrator intervention. Simply specify what you want to trigger the log rotation and Apache 
will do the rest. 


To enable the rotation of log files based on log file size: 


1 From the Log Preferences page, click the By Size radio button to have the logs switched when 
a specific size (in megabytes) is reached in the first log file. 


2 Click the MB drop-down list and select the number of megabytes at which the logs should be 
rotated. 


3 Click Save. 


To enable the rotation of log files based on a specified time period: 


1 From the Log Preferences page, click the By Time radio button to have the logs switched 
when a specified period of time (in minutes) has elapsed. 


2 In the Minutes field, type the number of minutes between each log file rotation. 
3 Click Save. 
To disable log file rotation: 
1 From the Log Preferences page, click the Do Not Rotate radio button to disable log rotation. 


When selected, a single log file is used. If your Web site supports a high volume of traffic, we 
recommend that you use log file rotation. 


2 Click Save. 


Setting Error Log Preferences 
(Under development.) 


To enable the rotation of log files based on log file size: 
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1 From the Log Preferences page, click the By Size radio button to have the logs switched when 
a specific size (in megabytes) is reached in the first log file. 


2 Click the MB drop-down list and select the number of megabytes at which the logs should be 
rotated. 


3 Click Save. 
To enable the rotation of log files based on a specified time period: 


1 From the Log Preferences page, click the By Time radio button to have the logs switched 
when a specified period of time (in minutes) has elapsed. 


2 In the Minutes field, type the number of minutes between each log file rotation. 
3 Click Save. 
To disable log file rotation: 
1 From the Log Preferences page, click the Do Not Rotate radio button to disable log rotation. 


When selected, a single log file is used. If your Web site supports a high volume of traffic, we 
recommend that you use log file rotation. 


2 Click Save. 


Specifying a Log File Format 


Common Log Format (CLF) is required by many off-the-shelf log analyzers such as wusage or 
ANALOG. If you will be using one of these tools to analyze your log files, select CLF. 


The CLF format is: 
host ident authuser date request status bytes. 


Alternately, you can select from the list of data types that you want Apache to log by checking one 
or more of the items in the Only Log list. 


To specify the common log file format: 
1 From the Log Preferences page, click Use Common Log File Format. 
2 Click Save. 
To customize the log file format: 
1 From the Log Preferences page, click Only Log. 
2 Select each of the items you want Apache to log. 
3 Click Save. 


For more information about logging, see the LogFormat (http://httpd.apache.org/docs-2.0/mod/ 
mod log config.html#logformat) directive on the Apache Web site. 


What's Next 


Once you have configured the Apache server preferences and log files, you can focus on managing 
the content that your Web server will serve up to Web clients. 


Continue on to Chapter 4, “Managing Server Content,” on page 35. 
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Managing Server Content 


You can use the Novell® Apache Manager to help manage Web server content. You can create 
HTML pages and other files such as graphics or text and then store those files on your server. 
When users connect to your server, they can view your files provided they have access to them. 


This section describes how your users can contribute content to your Web server and how you can 
configure and manage content files and folders. 


Modifying the Primary Document Directory 


You probably don’t want to make all the files on your file system available to remote clients. An 
easy way to restrict access is to keep all of your server’s documents in a central location, known 
as the document root or primary document directory. 


Another benefit ofthe document directory is that you can move your documents to a new directory 
(perhaps on a different disk, if for example, you are moving your Web site to a new server) without 
changing any of your URLs, because the paths specified in the URLs are relative to the primary 
document directory. 


For example, if your document directory is sys:/Apache2/htdocs, a request such as http:// 
www.novell.com/products/info.html tells the server to look for the file info.html in sys:/Apache2/ 
htdocs. 


If you change the primary document directory (by moving all the files and subdirectories), you 
only have to change the primary document directory that the server uses, instead of mapping all 
URLs to the new directory or telling clients to look in the new directory. 


By default, the primary document directory is set to the volume:/Apache2/htdocs/ directory using 
the DocumentRoot (http://httpd.apache.org/docs-2.0/mod/core.html#documentroot) directive. 
The primary document directory is the directory from which Apache serves files. 


Itis unlikely that you will need to change the default primary document directory. However, if you 
do, keep in mind that the deeper into a file structure Apache has to go, the longer it takes Apache 
to examine the directories. To optimize performance, keep the primary document directory as 
close to the root of your server’s volume as possible. 


To modify the primary document directory: 


1 From the Primary Document Directory page under Content Management, type the path, 
including the directory name that Apache should serve files from. 


Type a full path, such as SYS:/Apache2/htdocs. 
IMPORTANT: Do not include a trailing slash, as in SYS:/Apache2/htdocs/. 


2 Click Save and Apply to save the changes to the httpd.conf file and restart the server. 
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For more information related to mapping directories to URLs, see Mapping URLs to Filesystem 
Locations (http://httpd.apache.org/docs-2.0/urlmapping.html) on the Apache Web site. 


Setting Up Additional Document Directories 


Most of the time you keep all of your documents in the primary document directory. But 
sometimes you might want to serve documents from a directory outside of your document root. 
You can do this by setting up additional document directories. By serving from a directory outside 
of your document root, you can let someone manage a group of documents without giving them 
access to your primary document root. 


For example, if you have a directory named marketing at the root of your server volume, or even 
on another server in your network that is accessible using TCP/IP, you could add that directory as 
an additional document directory. You could then access it from a Web browser using the URL 
you specify in the URL Prefix field ofthe Additional Document Directories page. The actual path 
might be SYS:/marketing, but the URL would be http://www.digitalairlines.com/marketing. 


You can also manage several options for each additional directory, such as enabling CGI scripting 
or server-side includes. And if the content of an additional directory is not for general public use, 
you can easily apply access control restrictions using the Directory Access Control page. 


Adding an Additional Document Directory 
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Once you have created directories on your server, you must identify them as additional document 
directories so that Apache knows where they are. You can then add new directories using the 
Additional Document Directories page of Apache Manager. 


To add an additional document directory: 


1 From the Additional Document Directories page under Content Management, type a name for 
the directory in the URL Prefix field. 


2 Type the path to the directory on your server. 
You can use either a relative path, or a fully qualified path. For example: 
/marketing 
or 
SYS:/marketing 
3 Click Save and then Save and Apply. 
4 (Optional) If you made a mistake, click Undo on the Save and Apply page. 


Once added, open a Web browser and enter the URL prefix you specified. If you have enabled 
indexing, a list of files currently held in the directory are displayed. (For information about how 
to enable indexing, see “Directory Indexing” on page 38.) 


To delete an additional document directory: 


1 From the Additional Document Directories page under Content Management, click Remove 
in the row ofthe document directory that you want deleted. 


2 Click OK, Save and Apply, and then OK again. 
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Configuring Options for an Additional Document Directory 


CGI Execution 


Symbolic Links 


You can set specific options for each of your additional directory options from the Directory 
Configuration Options page. From this page, you can 


* Enable CGI execution 
* Enable server-side includes 
* Configure the use of directory indexing 


* Enable multiple views 


(**Enable symbolic links (on Apache running on other platforms; not yet available on NetWare) 
--Dave might remove this from the gui--it doesn’t make sense to make it visible when it doesn’t 
even work on NetWare; check back after beta 3.) 


To configure options for an additional document directory: 


1 From the Additional Document Directories page under Content Management, click Options 
in the row of the additional directory that you want to configure. 


2 Make the needed changes, click Save, and then click Save and Apply. 


When enabled, CGI scripts contained in the additional directory can be executed. It is impossible 
to execute CGI from within an additional directory if this feature is not enabled. 


For more information about using CGI, see Dynamic Content with CGI (http://httpd.apache.org/ 
docs-2.0/howto/cgi.html) on the apache.org Web site. 


(**symbolic linking doesn’t work on netware--Dave might remove it from the gui and if he does, 
remove it from here, post beta 3) If you create hard links to a file, such as marketing. html and then 
someone else deletes the file and replaces it with another one of a different name, your hard link 
no longer works. 


To prevent this from happening, you can enable symbolic links, sometimes called soft links, which 
has the ability to keep the link accurate, even in the above scenario. 


NOTE: Symbolic linking is not currently available on the NetWare® platform. However, because Apache 
Manager can be used to configure Apache running on other platforms in your network, it is included on the 
Directory Configuration Options page of Apache Manager. 


For more information, see the Options (http://httpd.apache.org/docs-2.0/mod/core.html#options) 
directive on the Apache Web site. 


Server-Side Includes 


Server-side includes (SSIs) provide a method for adding dynamic content to existing HTML 
documents. 


SSIs are directives placed in HTML pages that are evaluated on the server while the pages are 
being served. They let you add dynamically generated content to an existing HTML page, without 
having to serve the entire page using a CGI program. 
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Directory Indexing 


Multiple Views 


The decision of when to use SSI and when to have your page entirely generated by a program is 
typically a matter of how much of the page is static, and how much needs to be recalculated every 
time the page is served. 


SSI is a great way to add small pieces of information, such as the current time. But if a majority of 
your page is being generated at the time that it is served, you need to look for some other solution. 


For more information about working with SSI, see Introduction to Server Side Includes (http:// 
httpd.apache.org/docs-2.0/howto/ssi.html) on the Apache Web site. 


Ifa URL to a directory is requested but there is no index.html file in that directory, the server 
returns a formatted listing of the directory. 


Directory indexing also includes the ability to define the level of detail returned to the user or to 
disable indexing altogether, which would return a 404 Not Found error to the user. 


To enable directory indexing: 


1 From the Additional Document Directories page under Content Management, click Options 
in the row of the directory that you want to configure. 


2 (Optional) Click Fancy to have Apache return an index that can be sorted and that includes 
additional details about the contents of the folder. 


3 (Optional) Click Simple to have Apache return a list of files with no additional details and no 
sorting functionality. 


4 (Optional) Select None to disable indexing. 


When disabled, and if there is no index file present, users receive the 404 Forbidden error 
message. 


5 Click Save, and Save and Apply. 


For more information, see the Options (http://httpd.apache.org/docs-2.0/mod/core.html#options) 
directive on the Apache Web site. 


Apache has the ability to return content in a way that best matches the client Web browser that 
requested it. 


For example, you might have some content on your Web site that is available in different 
languages or different media types, or a combination of both. One way of selecting the best choice 
for the requesting client browser would be to return an index page and let the user make a selection. 


However, it is possible for the server to choose automatically. This works because most browsers 
request information according to preferences selected by their users. Therefore, a browser could 
specify French as its preferred language, and English as its second choice. Multiple Views can then 
return the French document if there is one, and if not, return the English version in its place. 


For more information, see Content Negotiation (http://httpd.apache.org/docs-2.0/content- 
negotiation.html) on the Apache Web site. 
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Controlling Access to Document Directories 


If you have information on your web site that is sensitive or intended for only a small group of 
people, you can use authentication to control who has access to specific directories. 


HINT: Before you can configure access for a particular directory, you must first create the directory. For more 
information, see “Adding an Additional Document Directory” on page 36. 


Authentication is any process by which you verify that someone is who they claim they are. 
Authorization is also any process by which someone is allowed to be where they want to go, or to 
have information that they want to have. 


Using Apache Manager, you can configure the Apache authorization module to control who has 
access to specific directories on your Apache Web server. Documents placed in a controlled 
directory can only be accessed by users who have been given rights to that directory. 


To configure access control to a specific directory: 


1 From the Additional Document Directories page under Content Management, click Access 
Control in the row of the directory that you want to configure. 


2 Fromthe Access Control Type drop-down list, select the type of user authentication you want 
used for the document directory you are configuring. 


+ 


Public Access: Select this option of you want to allow general access to the directory by 
any user who can visit your Web site. 


Auth LDAP Mode: (Recommended) Select this option of you want to use your LDAP 
server to authenticate specified users to the document directory. Users or groups should 
be specified under the Access Control fields. (For more information, see the 

mod auth ldap (http://httpd.apache.org/docs-2.0/mod/mod auth Idap.html) 
documentation on the apache.org Web site.) 


Auth Module: Select this option if you want to use password files you create using 
Apache's htpasswd utility. For information, see Authentication (http://httpd.apache.org/ 
docs-2.0/howto/auth.html) in the Apache documentation. (For more information, see the 
mod_auth (http://httpd.apache.org/docs-2.0/mod/mod_auth.html) on the apache.org Web 
site.) 


Auth DBM Module: Similar to Auth Module but involves the use of a simple database 
rather than flat files. If, for some reason, you don't want to use LDAP and you have a large 
number users that you want to grant access rights to, use this option. (For more 
information, see the mod_auth_dbm (http://httpd.apache.org/docs-2.0/mod/ 

mod_auth dbm.html) on the apache.org Web site.) 


3 Specify the level and method of access control. 


+ 


Any Valid User: Click this option to allow any valid user to access the document directory 
you are configuring. A valid user is anyone who can log in to the server. 


User/Group List: Click this option if you want to specify individual usernames or group 
names to whom access should be given. When typing multiple usernames or group 
names, separate each entry with a blank spaces. 


Use eDirectory Rights: Verifies directory and file access rights in addition to verifying 
user credentials. User accounts must include specific rights to the directory for a user to 
have access to it. When running Apache on NetWare, no additional configuration is 
required on Apache. 
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Configuring 


4 


10 


11 


(Optional) If you selected Auth Module or Auth DBM Module as your access control type in 
Step 2, type the absolute path to the password file in the User File field and the group 
password in the Group File field (if you created one). 


For more information about using password files, see Authentication (http://httpd.apache.org/ 
docs-2.0/howto/auth.html) on the apache.org Web site. 


Type the context in the directory where the search for user rights should begin. 
For example, o=employees. 


HINT: For more information about this step and the following three steps, see the AuthLDAPUrl (http:// 
httpd.apache.org/docs-2.0/mod/mod_auth_Idap.html#authidapurl) directive on the apache.org Web site. 


Select which attribute should be searched for by clicking either UID or CN. 
UID is the recommended context on which a search should be performed. 
Select the scope of the search by selecting either Subtree or Container Only. 


If you know your users are stored in a specific container, select Container Only, especially if 
your tree is large. This searches the container you specified in the Base DN for Search field. 
Otherwise, select Subtree. 


Select Yes to enable Secure LDAP as a method of protecting usernames and passwords from 
being intercepted. 


If you do not want to enable secure LDAP, click No. 


For more information about securing LDAP, see the LDAPTrustedCA (http:// 
httpd.apache.org/docs-2.0/mod/mod_Idap.html#Idaptrustedca) directive on the apache.org 
Web site. 


Type the full path to the server certificate. 

For example, 

sys:\system\RootCert.der 

From the Certificate Type drop-down box, select the type of certificate that is on your server. 
On NetWare, the default certificate type is Der File. 


Click Save and Save and Apply. 


For more information about authentication to directories on your Apache Web server, see 
Authentication (http://httpd.apache.org/docs-2.0/howto/auth.html) in the Apache documentation. 


User Home Directories 


User home directories let you to set up home directories for each user in your directory. A great 
advantage to setting up home directories is that users can then access their own files using a Web 
browser. In addition, they can share information with the Web community by moving content into 
their own public_html directory. The public_html directory serves as the user’s own primary 
document directory. 


Complete the following tasks for each user who requires a home directory: 


1. 
2. 
3: 


Create a home directory for each User object and specify the path to it. 
Create a public_html directory in each user’s home directory. 


Activate User Document Directories from Apache Manager. 
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See the following sections for details on completing the above tasks. 
(**New Notes from Dave) : 


attributes required for user dirs: Home DirectoryHost Resource NameHost Server The rights 
should be assigned to the container where the users reside and should be ‘inheritable'. Also: 
Configuration Option: Assign Public Rights:assign Public user rights 3 attributes (see dave's email) 
(security risk in givingusers Public rights)User name and password: create a dummy user and give 
rights to it; hdiruser is what dave did on his server--this user only has rights to see the 3 attributes 
(admins freak out about putting user name and password in config file because somebody can see 
them, though it doesn't matter since the three attributes won't let them do anything)Username: 
specifies the dummy user if they chose that routePassword: User objects should be kept in the same 
container as the eDirectory™ server object. If they are not, then the containers that include these 
user objects must be in a partition that is replicated (Master or Read/Write) on the server where 
Apache is running. (Post-beta 2: Brad indicated this para is not true anymore, so I commented it 
out; but see edir doc for other rquirements.) 


Creating Home Directories 


There is nothing unique about a user home directory. Typically, they are directories named after 
the users for whom they were created and are typically created on a volume of the server dedicated 
for this purpose. 


Once each home directory is created, you must specify the path to it within each User object in the 
directory. You might have already done this when you first created the directory. 


Creating Public_HTML Directories 


The public_html directory is the user’s personal primary document directory. So whatever is 
placed in the public-html directory is typically visible to all other users. 


Create the public_html directory as a subdirectory within each of the users’ home directories. To 
help your users, you could create a default index.html file and place it in their public directories. 
That way, they will get something when they point their Web browsers at the new directory for the 
first time, which could prevent support calls. 


Enabling User Home Directories on Apache 


Before user home directories can work you must first enable it. Once enabled, users can view the 
content of their user home directory by typing the domain name, followed by a slash (/), followed 
by -usersname. 


To enable user home directories: 
1 From the User Home Directories page of Content Management, click On. 


2 In the User URL Prefix, specify the character to be used to indicate to Apache the text that 
follows is referring to a user home directory. 


The default character is - because it is the most expected character in use today for home 
directories. But you can specify any character or number. 


3 In the Subdirectory field, type the name of the directory you created for each user as their 
primary document directory. 


The default name is public_html, although it is whatever name you used when you created the 
public directory within the user home directory. 
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Changing the Default Index Filename 


If a document name is not specified in a URL, Apache looks for a specific filename such as 
index.html and returns it to the Web browser. Which filename the Web Server looks for can be 
configured from the Document Preferences page under Content Management. If the specified 
filename cannot be found, the Web browser displays a listing of files and folders located at the 
URL. 


By default, Apache defines index.html as the default home page filename, but you can set this to 
whatever filename you choose. 


If more than one name is specified, the server searches in the order in which the names appear in 
this field until one is found. For example, if your index filenames are index.html and home.html, 
the server first searches for index.html and, if it doesn’t find it, the server then searches for 
home.html. 


If Apache can't find a filename that matches the default index filename, and if the requested 
directory has directory indexing enabled (see “Directory Indexing” on page 38), Apache generates 
its own index file that lists the contents of the directory. 


For example, a request for http://myserver/docs/ would return http://myserver/docs/index.html if 
it exists, or would list the directory if it did not. 


Keep in mind that the default index file does not need to be relative to the directory. For example, 
any of the following would work: 


* index.html 
+ index.txt 
* /cgi-bin/index.pl 


Including three of these in order would cause the /cgi-bin/index.pl CGI script to be executed if 
neither index.html or index.txt existed in a directory. 


To change the current default index filename: 


1 Onthe Document Preferences page under Content Management, type a filename in the Index 
File Name field. 


2 Click Save, and then Save and Apply. 


For more information, see the DirectoryIndex (http://httpd.apache.org/docs-2.0/mod/ 
mod_dir.html#directoryindex) directive on the Apache Web site. 


Redirecting Visitors to an Alternate URL 
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URL forwarding is a method for the Web server to tell a user that a URL has changed— for 
example, if you have moved files to another directory or server. You can also use redirection to 
send a person who requests a document on one server to a document on another server. 


To map a URL to another server, you must first specify the prefix of the URL you want the server 
to redirect. Then, you need to choose which URL to redirect to. You can redirect to a URL prefix 
if the directory on the new server is the same as in the mapped URL; you can also redirect to a 
fixed URL (hostname, directory, and filename). 


To define a URL to be forwarded: 
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1 From the URL Forwarding page of Content Management, type the portion of the old URL to 
be forwarded. 


2 In the Forward Requests To field, type the URL where requests should be forwarded to. 
3 Click Save, and then Save and Apply. 


If you forward to a URL prefix, the forwarding keeps the full pathname and substitutes one prefix 
for another. For example, if you forward http://www.novell.com/info/docs to a prefix 
cambridge.com, the URL http://www.novell.com/info/docs redirects to http://cambridge.com/ 
info/docs. 


However, if the directory structure on the new server is not the same as in the mapped URL, you 
could forward the URL to a fixed URL. For example, you could forward http://www.novell.com/ 
info/docs to http://cambridge.com/new-files/info/docs. 


Sometimes you might want to redirect requests for all the documents in one subdirectory to a 
specific URL. For example, if you had to remove a directory because it was causing too much 
traffic or because the documents were no longer to be served for any reason, you could direct a 
request for any one of the documents to a page explaining why the documents were no longer 
available. For example, a prefix on /info/docs could be redirected to http://www.novell.com/ 
explain.html. 


For more information, see the Redirect (http://httpd.apache.org/docs-2.0/mod/ 
mod_alias.html#redirect) and Alias (http://httpd.apache.org/docs-2.0/mod/mod_alias.html#alias) 
directives on the Apache Web site. 


Also, for more information about general issues surrounding URL redirection, see the URL 
Rewriting Guide (http://httpd.apache.org/docs-2.0/misc/rewriteguide.html) on the Apache Web 
site. 


Creating Virtual Hosts 


The term virtual host refers to the practice ofrunning more than one Web site on a single computer 
(such as, www.company1.com and www.company2.com). Virtual hosts can be IP-based, meaning 
that you have a different IP address for every Web site, or name-based, meaning that you have 
multiple names running on each IP address. Visitors to the Web sites are unaware that both sites 
are running on the same physical server. 


For more information about IP-based virtual hosting, see IP-based Virtual Host Support (http:// 
httpd.apache.org/docs-2.0/vhosts/ip-based.html). For more information about when and how to 
use name-based virtual hosting, see Name-based Virtual Host Support (http://httpd.apache.org/ 
docs-2.0/vhosts/name-based.html). 

To create a virtual host: 


1 On the Virtual Hosts page of Content Management, type the IP address of your server, 
followed by a colon and the port number you want to use. 


For example: 
123.456.789.100: 80 
If you do not include a port number, Apache assumes port 80. 


2 (Optional) To instruct Apache to also listen on a secure port, press the Space bar and then add 
the same IP address followed by the secure port number. For example: 


123.456.789.100:443 
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3 In the Server Name field, type a hostname for your server, such as www.mycompany.com. 
4 Select the Host Type to be used. 


If you are going to use one virtual host per IP/port combination, then you should select IP- 
based virtual hosting. Otherwise, select name-based virtual hosting. 


5 Click Save > Save and Apply. 


Creating Your Own Web Site 


You can use any HTML editor to create a Web site, although most functional corporate Web sites 
are created by professional designers. But depending on your needs and resources, your 
implementation tool can range from any of the readily available Web site creation programs (some 
of which are free) to a team of programmers. Another avenue is to out-source the creation of your 
Web site. 


Creating personal and departmental Web sites can be simple, requiring only minutes to assemble. 
You can use any HTML editor to create the pages of your Web site. 


When you create your home page, save the file as index.htm or .html and that file automatically 
appears when your Web site is accessed. You can then create links to other pages and graphics with 
any filenames. 

HINT: You can configure the Apache to recognize a specific filename and extension so that when a user 


enters your Web server’s URL, it automatically displays your home page. See “Modifying the Primary 
Document Directory” on page 35. 


Accessing Your Web Site 


If you have already successfully installed NetWare 6.5 and the Apache Web server, you can access 
it right now. A sample Web page has been included. You can remove these pages and replace them 
with your own content. 


To view the sample Web site, open a client Web browser on a workstation in your network and 
enter your NetWare server’s IP address or DNS name. For example: 


http://server_IP_address 
or 


http: //domain_name 


Adding Content to Your Web Site 
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Apache has a document root or primary document directory. By default, the path to the primary 
document directory is volume:/Apache2/htdocs. This is where the temporary index page is stored 
and where you will place your home page. 


All content placed in this folder is visible to your Web site audience. If necessary, you can easily 
specify another directory as the primary document root directory. (See “Modifying the Primary 
Document Directory” on page 35.) 


Once Apache is running, you can start posting content for the world (or your department or 
company) to see by placing files in Apache’s primary document directory. You can also create 
additional document directories, which is a good idea if departments want to publish their own 
content to the company Web site but you don’t want to give users control ofthe primary document 
directory. (See “Adding an Additional Document Directory” on page 36.) 
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What's Next 


Once you’ve created content and configured the server to run optimally, you might want to learn 
more about the following subjects: 


* Chapter 5, “Managing Apache Modules,” on page 47 
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Managing Apache Modules 


One of the strengths of Apache is the ability to extend the Web server through modules. In fact, 
most of the functionality that exists in the Apache Web server is provided by modules. 


This section introduces you modules, discusses some of the Apache modules unique to NetWare, 
and shows you how to enable modules. 


About Apache Modules 


There are two types of Apache modules: external and internal (or built-in). An external module 
contains a set of functions that are wrapped up into a separate executable file. Having a module as 
a separate file allows the administrator to add, replace or remove the module as needed. If a newer 
version of a module becomes available, the administrator simply has to copy the new executable 
file into the sys:\Apache2\modules directory and restart the server. 


The second type of module is an internal (or built-in) module. An internal module also contains a 
set of functions, except that those functions are compiled right in to the Apache executable when 
it is compiled from the Apache source code. Therefore, there is no difference between an external 
or internal module. In fact, an external module can be compiled directly into the Apache 
executable by simply including the source as part of the core Apache code. 


When a request is received by the Apache Web server, it must pass through a series of stages in 
order for it to be completely handled. The architecture of Apache allows a module to insert itself 
into any one or more of these stages. 


Three of these stages deal with Web server security: Access Control, Authentication, and 
Authorization. There are currently various Apache modules available that supply handlers for one 
or more of these stages in order to give the Apache Web Server a certain level of security. 


Using Mod_edir 


Mod_edir adds authorization services to the mod_auth_Idap Apache authentication module. It 
requires that mod auth Idap be loaded before the edir_ module since it relies on mod_auth_Idap 
for the authentication services. In addition, mod_edir also provides support for access 
eDirectory™-based user home directories and remote file systems. 


This module is a NetWare-only module that relies on eDirectory and the NetWare file system for 
file rights enforcement. 


Mod edir includes the following directives: 
* eDirServer 
* eDirUserAccount 


* eDirPassword 
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* eDirCacheTimeout 

* hDirUserTag 

* hDirUserSubDirectory 
* hDirSearchContexts 
* HomeDirEnabled 

* RemoteDirEnabled 


* Require edir-user 


Anonymous Versus Authenticated Modes 


Mod _eDir has the ability to provide authorization, home directory and remote file access 
functionality. In order to provide this functionality, mod_eDir must be able to make a connection 
to eDirectory as well as to remote servers. There are two modes in which mod_eDir can make these 
connections. These two modes are "Anonymous" and "Authenticated" modes. The basic 
difference between the two modes is whether mod_eDir accesses the information in eDirectory or 
remote file systems through public rights or uses a special user ID and password to login. 


Anonymous Mode 
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When mod_eDir is configured in anonymous mode, it does not need to use a user id or password 
to login before extracting information from eDirectory or a remote file system. In order for 
anonymous mode to work correctly, the administrator must allow public access to certain 
attributes within eDirectory. The most important attribute that is required by mod_eDir is the 
"Home Directory" attribute of each user object. This attribute stores the server, volume and path 
to each user's home directory. 


There are two requirements that must be satisfied before anonymous mode will work correctly. 
The first requirement has to do with allowing access to the "Home Directory" attribute of each user 
object within eDirectory. The second requirement deals with allowing access to a remote server's 
file system. When a request is made to retrieve a web page from a user home directory, the URL 
should contain the home directory tag followed by a user ID (i.e. http://myserver.com/-bnicholes/ 
index.html). Mod_eDir will then make an anonymous request through LDAP to retrieve the value 
of the "Home Directory" attribute of the specified user. If the home directory attribute has not been 
assigned public access rights, the anonymous request will fail to extract the required information. 
What this means is that the [PUBLIC] object within eDirectory must be allowed to read this 
attribute. In order to allow access to a remote server's file system, the Apache server must be able 
to login as server to the remote file server. Being able to login as server requires that the NetWare 
server that is running the Apache web server, must have a local eDirectory replica and the server 
object within eDirectory must have must have file scan and read right on the remote server's file 
system. 


Advantages: 


* Does not require that the administrator stores a user id and password on the file system in the 
clear. 


* Configuring the remote directory and home directory support in the Apache configuration file 
is much easier and requires fewer directives. 


* User home directory availability can be controlled by allowing or disallowing public access 
to the attribute for any given user object. 
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Disadvantages: 


* Requires that the administrator gives public access rights to either the entire eDirectory tree 
or to the "Home Directory" attribute of each individual user that is allowed home directory 
functionality. 


* Requires administrator intervention before a new user is able to access his home directory 
through the web. 


* A local replica of the eDirectory tree must exist on the NetWare server that is running the 
Apache Web server. 


* The server object of the NetWare server that is running the Apache Web server must be given 
rights to all remote file systems it intends to access. 


Authenticated Mode 


Configuring mod_eDir in authenticated mode allows it to free access all of the required 
information both in eDirectory as well as remote file systems without having to assign public 
access rights. But authenticated mode requires that a user id and password be stored in an Apache 
configuration file. It also requires that a user object for the Apache Web server be created within 
eDirectory and assigned all of the necessary rights to allow it to access the "Home Directory" 
attribute of all user objects and File Scan and Read rights to all remote file systems that it intends 
to access. It is suggested that the user id and password not be stored in the Apache HTTPD.CONF 
file or any other main.conf file, but rather store the them in a separate file that can be secured 
through additional file system rights. In other words, create an addition.conf file that hold only the 
directives for specifying the user id and password to the Apache user object. Then either place the 
additional.conf file in a secure location on the file system or assign sufficient rights to the file so 
that only an administrator can view it. Then from within the HTTPD.CONF file simply include the 
additional.conf file wherever necessary. As a side note and for additional security, it is also 
suggested that the HTTPD.CONF be assigned sufficient rights to only allow administrator access 
only. 


Advantages: 


+ Does not require administrator intervention before a user is able to access the home directory 
through the web. 


* Allows the Apache module to bind directly to LDAP rather than having to depend on public 
rights granted through eDirectory. 


* Allows the Apache server to acquire the "Home Directory" attribute information from any 
LDAP server rather than requiring a local replica of eDirectory. 


+ All access to home directories and remote file systems can be controlled through a single 
Apache user object within eDirectory. 


Disadvantages: 
* Requires that a password be stored on the file system of the NetWare server. 


* Requires the administrator to create an "Apache" user object and grant it the appropriate read 
and file scan rights for both the user objects and the remote server file systems before home 
directory and remote directory functionality is available. 
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Combining Mod_edir with Mod_auth_LDAP: An Example 


eDirServer 


The example below shows how mod_edir can be combined with mod_auth Idap to provide both 
authentication and authorization services: 


LoadModule ldap_module modules/utilldap.nlm 
<IfModule util_ldap.c> 
LoadModule auth_ldap_module modules/authldap.nlm 
LoadModule edir_module modules/mod_edir.nlm Alias /secure sys:/webpages/ 
secure 
<Directory sys:/webpages/secure> 
Order deny, allow 
Allow from all 
AuthType Basic 
AuthName LDAP_Protected_Site 
AuthLDAPURL ldap://my.ldap.server/o=my_context 
require edir-user 
</Directory> 
</IfModule> 








The following is an example that shows an anonymous mode configuration of mod_edir for home 
directory and remote directory support: 


LoadModule edir_ module modules/mod_edir.nlm 
<IfModule mod_edir.c> 
hDirSearchContexts o=users Alias /rdocs "remotesrv/data:/webpages/ 
remote" 
<Directory "data:/webpages/remote"> 
Options Indexes MultiViews 
Order allow, deny 
Allow from all 
</Directory> 
</IfModule> 


The next example shows an authenticated mode configuration of mod_edir (in httpd.conf): 


LoadModule edir_module modules/mod_edir.nlm 
<IfModule mod_edir.c> 
include edirauth.conf hDirSearchContexts o=users Alias /rdocs 
"remotesrv/data:/webpages/remote" 
<Directory "data:/webpages/remote"> 
Options Indexes MultiViews 
Order allow, deny 
Allow from all 
</Directory> 
</IfModule> 


The following is in the edirauth.conf file: 


<IfModule mod_edir.c> 

eDirServer MY_SERVER 

eDirUserAccount cn=apache_server.o=admin_objects eDirPassword secret 
</IfModule> 


Description: Specifies the eDirectory server that will be access through LDAP 


Syntax: eDirServer <Server-Name> 
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Context: server config, virtual host 
Status: Extended 
Module: mod_edir 


Use the eDirServer directive to specific the server that will be used to login in and extract 
eDirectory information. This directive is only required if running in authenticated mode. (See 
“Anonymous Versus Authenticated Modes” on page 48). 


eDirUserAccount 


eDirPassword 


Description: Specifies a user id for logging into eDirectory 
Syntax: eDirUserAccount <User-ID> 

Context: server config, virtual host 

Status: Extended 

Module: mod_edir 


Use the eDirUserAccount to specify the user id of the eDirectory user object that has been granted 
rights to access eDirectory information such as the "Home-Directory" attribute of each user object 
and any remote file system that will be accessed from the Apache server box. Please see the 
explanation of the authenticated vs. anonymous modes. 


Description: Specifies the password the eDirectory user account password 
Syntax: eDirPassword <Password> 

Context: server config, virtual host 

Status: Extended 

Module: mod_edir 


Use the eDirPassword to specify the password that corresponds to the user id defined by 
eDirUserAccount. (See “Anonymous Versus Authenticated Modes” on page 48). 


eDirCacheTimeout 


Description: Specifies the number of seconds before a cache entry times out 
Syntax: eDirCacheTimeout <nnn-seconds> (Default = 300 seconds) 
Context: server config, virtual host 

Status: Extended 


Module: mod_edir Use the eDirCacheTimeout directive to specify the number of seconds each 
cache entry will remain in the cache before timing out. The default value if no time out value has 
been specified is 300 seconds. A cache time out value of 0 will disable the cache. 


Managing Apache Modules 51 


hDirUserTag 
Description: Specifies the URL tag used to indicate a user home directory 
Syntax: hDirUserTag <Tag> (Default = '~' 
Context: server config, virtual host 
Status: Extended 
Module: mod_edir 


Use the hDirUserTag directive to change the default tag used on in the URL to indicate that the 
following name specifies a user. Mod_eDir will use the user name to look up that user's home 
directory in eDirectory and then attempt to server the requested web page from that location. 


hDirUserSubDirectory 
Description: Specifies the subdirectory name with in a user home directory 
Syntax: hDirUserSubDirectory <Sub-Dir-Name> Default ("public_html") 
Context: server config, virtual host 
Status: Extended 
Module: mod_edir 


Use the hDirUserSubDirectory directive to change the name of the default subdirectory where 
mod_eDir will attempt to access the requested web page. After mod_eDir has extracted the user 
home directory from eDirectory, it then appends the name of the sub-directory specified by 
hDirUserSubDirectory and then attempts to access the requested web page from that location. The 
default location for any user would be "server/volume:/home-dir-path/public_html". 


hDirSearchContexts 
Description: Specifies a list of search contexts 
Syntax: hDirSearchContexts <Context, Context, ...> 
Context: server config, virtual host 
Status: Extended 
Module: mod_edir 


Use hDirSearchContexts to specify a list of contexts that will be search to resolve a user id to a 
user home directory. By default each context and all sub-contexts will be searched until a matching 
user id is found. Mod_eDir will stop searching as soon as it finds a matching user id. Therefore all 
user id's must be unique within the search contexts specified. 


HomeDirEnabled 
Description: Enables or disables user home directory support 
Syntax: HomeDirEnabled <On|Off> (Default = On) 


Context: server config, virtual host 
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Status: Extended 
Module: mod _edir 


Use HomeDirEnabled to enable or disable the user home directory support in mod _eDir. The 
default is to enable home directory support. 


RemoteDirEnabled 
Description: Enables or disables remote directory support 
Syntax: RemoteDirEnabled <On|Off> (Default = On) 
Context: server config, virtual host 
Status: Extended 
Module: mod _edir 


Use RemoteDirEnabled to enable or disable the remote file system access support in mod_eDir. 
The default is to enable remote file system support. 


Require edir-user 
Description: Specifies that only an eDirectory user has access a resource 
Syntax: Require edir-user 
Context: directory, .htaccess 
Override: AuthConfig 
Status: Extended 
Module: mod_edir 


Require edir-user must be accompanied by AuthName and AuthType directives, and 
AuthLDAPURL in order to work correctly (see the example above). 


Access controls which are applied in this way are effective for all methods. This is what is 
normally desired. If you wish to apply access controls only to specific methods, while leaving 
other methods unprotected, then place the Require statement into a <Limit> section. 


See the mod auth ldap documentation on apache.org. 


Enabling Scripting Modules 
To use Perl, Novell Sripting, or PHP, you must first enable each of the modules from the Modules 
pages in Apache Manager. 
1 From the Modules page, click the module name of the scripting language you want enabled. 
2 Click Yes. 
3 Click Save. 


For more information about any of these scripting languages, visit the Novell Developer Kit (http:/ 
/developer.novell.com/ndk) Web site. 
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